Thursday, May 4, 2000

5/4/2000 7:29:21 PM

Government alleges new anticompetitive moves by Microsoft.
This article in the LA Times spotlights a little-noticed point in last Friday's
court filing: an accusation by the DoJ and 17 states that Bill Gates
directed subordinates to improve Windows 2000's compatibility with
Windows / CE products, at the expense of Palm users. Microsoft
angrily denied everything.

Note: Earlier versions of this note referred to the ILOVEYOU malware
as a trojan. My brother sent a note convincing me that it is more
properly characterized as a worm. The anti-virus companies have
settled on this terminology as well.

[05may, 9:23 am]
For the most authoritative description of the worm, see the
CERT advisory.

This worm, possibly from the Philippines, is spreading like wildfire
as we speak. One news report claimed it has twice the velocity of
Melissa. I received 8 copies of it in the hour preceding the first
version of this note (to no ill effect, as I'm Mac- and
Eudora-based). The worm carries a simple VBScript attachment named
LOVE-LETTER-FOR-YOU.TXT.vbs. The worm infects Windows machines on
which Windows Scripting Host is running and spreads using the
Outlook email agent and the mIRC client, if present. If you use
another email client you could still be infected -- you'd have to
execute the attachment -- but the worm won't propagate further by
email.

Mutations are already in circulation. The first used the subject
line fwd: Joke and an attachment named Very Funny.vbs;
aside from the name change it's identical to VBS/LoveLet.A.

[05may, 8:54 am]
Subtler variations are springing up. David 'Pablo' Cohn sent me an
email he had received yesterday evening just before 10:00 pm EDT. It
had no subject and the following text. Cohn writes, "The message was
surprising enough that I almost opened the attachment, before
realizing that it was VBScript." The attachment was, of course,
VBS/LoveLet.A.

Thanks for your purchase!
We have proceeded to charge your credit card for the amount of $326.92 for
the mothers day diamond special. We have attached a detailed invoice to this
email. Please print out the attachment and keep it in a safe place.
Thanks Again and Have a Happy Mothers Day!
Mothersday@gurlmail
mothersday.vbs

If you receive an email titled ILOVEYOU, don't click on it.
Depending on how you have Outlook's preview pane set up, merely
selecting the message can trigger the worm. The worm also runs each
time your machine is rebooted. It'll send itself to everybody in all
your Outlook address books, mess about in your registry, and
overwrite with a copy of itself all of your files with any of these
extensions: vbs, vbe, js, jse, css, wsh, sct, hta, jpg, and jpeg. It
merely hides -- but does not delete -- .mp2 and .mp3 files, after
copying itself into files of the same names with .vbs appended. It
overwrites both local files and files on any mapped network drives.
If you ever double-click on one of these, your formerly beloved
files, the worm's payload will fire all over again.

The worm also tries to download a program, which runs at system
startup, to steal your passwords and mail them off to the
Philippines. The four URLs in the original worm, one of which is
chosen at random when the worm runs, are no longer valid. (Note to
the Philippine authorities: start by questioning the users
young1s, angelcat, koichi, and chu at
skyinet.net in Manila, followed by mailme at super.net.ph.)

CNet's coverage gives a good overview. Kurt DeMaagd provides
instructions and a script for cleaning up after the worm, if you
feel comfortable editing your Windows registry. Response from this
site may be slow as this link was Slashdotted. Go here for a
Sendmail patch that will stop ILOVEYOU at the border -- not a PC
anti-virus payload, rather a sysadmin tool.
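
The border-filtering idea, sketched as an added example (this is not the Sendmail patch linked above, nor code from the worm or from this page): since the variants change subject and attachment name but keep a script extension, the check keys on the extension. The function names and the decoy-extension list are assumptions; the sample messages are constructed from the subjects and attachment names quoted above.

```python
import email
from email.message import EmailMessage

# Script types from the worm's overwrite list that Windows runs on double-click.
SCRIPT_EXTS = {"vbs", "vbe", "js", "jse", "wsh", "sct", "hta"}
# Harmless-looking extensions used as the visible decoy (assumed list).
DECOY_EXTS = {"txt", "jpg", "jpeg", "mp2", "mp3"}

def classify_attachment(filename):
    """Return 'disguised-script', 'script', or None for one attachment name."""
    # Windows ignores trailing dots and spaces, so strip them before splitting.
    parts = filename.lower().rstrip(". ").split(".")
    if len(parts) < 2 or parts[-1] not in SCRIPT_EXTS:
        return None
    if len(parts) > 2 and parts[-2] in DECOY_EXTS:
        return "disguised-script"   # e.g. NAME.TXT.vbs shown as NAME.TXT
    return "script"

def scan_message(raw):
    """Return [(filename, verdict)] for each attachment that should be blocked."""
    hits = []
    for part in email.message_from_string(raw).walk():
        name = part.get_filename()
        verdict = classify_attachment(name) if name else None
        if verdict:
            hits.append((name, verdict))
    return hits

def build_sample(subject, attachment_name):
    """Constructed test message with a harmless placeholder attachment."""
    msg = EmailMessage()
    if subject:
        msg["Subject"] = subject
    msg.set_content("see attachment")
    msg.add_attachment(b"placeholder bytes, not worm code",
                       maintype="application", subtype="octet-stream",
                       filename=attachment_name)
    return msg.as_string()

# Constructed samples: subjects and attachment names quoted on this page,
# plus one benign message for contrast.
SAMPLES = [("ILOVEYOU", "LOVE-LETTER-FOR-YOU.TXT.vbs"), ("fwd: Joke", "Very Funny.vbs"),
           ("", "mothersday.vbs"), ("meeting notes", "notes.txt")]

if __name__ == "__main__":
    for subject, name in SAMPLES:
        print(repr(subject), "->", scan_message(build_sample(subject, name)))
```

A filter keyed on the subject line ILOVEYOU would have passed the second and third samples; the extension check flags all three.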

In Slashdot's informative discussion on the worm, several posters
suggest that Microsoft should change the name of Outlook to
Microsoft Lookout.

Here's a fine example of how not to write about viruses: this BBC
article is full of hysteria and misinformation. Thanks to Ian Usher
for this cite.

5/4/2000 9:11:52 AM

Iridium: couldn't have said it better.
John Kristoff sent this along, adding "This probably isn't newsworthy enough for you,
but I had to send it to someone." (Hey, I could do worse than be the one who comes
to mind when you've just gotta send it to someone.) Visit this page for
a most understated belly-laugh. If they fix the page to be more informative and
therefore less unintentionally hilarious, you can always visit this
mirror (53K). (Thanks to the gang at Need To Know for the mirror naming
convention.)

Tuesday, May 2, 2000

5/2/2000 5:21:30 PM

New Siliconium: Bit Valley.
Siliconia is an occasional TBTF feature tracking the worldwide
spread of Silicon-Valley wannabeism. David James penned an article
for Upside, titled Bit Valley Fever, about the Japanese hunger for
US-style venture-backed entrepreneurial spirit. Bit Valley is not so
much a place as a state of mind. James didn't coin the term; it's in
widespread use in Japan, he says. Here's how James "locates" Bit
Valley:

Bit Valley takes its name from Shibuya, which literally
translates as "bitter" (shibu) and "valley" (ya). First named
the Bitter Valley Association, it was soon digitized to the Bit
Valley Association. Now Bit Valley is a generic term with
diminished geographic relevance, akin to the term Silicon
Valley.

Monday, May 1, 2000

5/1/2000 8:02:30 PM

GPS gets more accurate at midnight.
The White House announced today that at midnight Dr. Neal Lane,
Presidential science adviser, will throw a switch and render
every civilian GPS receiver in the world 10 times more accurate.
Here are other links, courtesy of TBTF Irregular Monty Solomon:

Sunday, April 30, 2000

4/30/2000 2:32:43 PM

ssleay.org no longer a trusted source.
Received this note from Scot Wilcoxon, a Unix consultant. A quick
count with Alta Vista shows 1331 links to ssleay.org. The domain
name was registered to one James Woods, of Fresno, CA, on April 3.

As I was updating my security skills this week, I found that the
ssleay.org domain has become lost. Someone registered it a few
weeks ago and it now only contains banner ads and an ad for the
domain company userfriendly.com (apparently no relationship to the
humorous userfriendly.org, according to
the latter's FAQ).

Many security sites and documents still point to ssleay.org, so
apparently its loss was not announced and expected in the security
community. I don't know who was in charge of it after the
SSLeay creators went to RSA Australia.

As any transition between providers would have been brief and the
site content should have reappeared quickly, it seems someone
unknown to the security community has grabbed that domain. It would
be nice if someone in the community who knows who the SSLeay.org
webmaster was could confirm if the new owner has any known security
credentials.

There are quite a few security web sites that need to find out if
their links need updating.

Monday, April 24, 2000

4/24/2000 5:52:31 PM

Anti-trust wallpaper.
With the DoJ's recommendations for anti-trust remedies due any day now,
here's a site to help your computer express your opinions on the case.
(Unless of course your opinions favor Microsoft.)

Thanks to Steve Kremer, who perpetrates Joke Wallpaper on an
unsuspecting world.

4/24/2000 12:24:26 PM

Interesting times (IP and the law).
This Upside article, based on an interview with Columbia law professor
Eben Moglen, takes the longest view I've yet seen of the battle between
intellectual property and the Net. Moglen looks back in history for
parallels with the clash of Information wants to be free vs.
Information wants to be costly. Moglen views the lawsuits over CPhack
and DeCSS -- and the much larger battle just forming over Napster,
Gnutella, and Freenet -- as the opening salvos in a war that may rage
for decades. Read this article if you do nothing else today.

Thanks to Carl Juarez for the pointer.

4/24/2000 11:12:16 AM

Jamming satcomms on the cheap.
Recently a US Air Force team ran a little exercise.
Two rookie engineers were instructed to build a satellite-communications
jammer using whatever parts they could buy for cash. For guidance in
designing such a device they were to rely only on a Net connection. They
spent $7500 to construct this sweet little device that can be transported
in a pickup truck. It's powered by a gasoline generator; the active
ingredient was picked up at an electronics swap meet.

This venue represents an experiment in more timely and less "cooked"
TBTF news coverage. You'll read here things that came through my
desktop machine mere minutes before. The TBTF Log replaces the Tasty
Bit of the Day feature.

The email and Web editions of Tasty Bits from the Technology Front
represent my best effort to present engaging, cogent news and analysis
on what matters to the life of the Net. The TBTF newsletter will continue
as before.